]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c266322) | patch
Reduce our NEW_TOKEN send rate.
authorNeil Horman <nhorman@openssl.org>
Tue, 28 Jan 2025 13:58:19 +0000 (08:58 -0500)
committerNeil Horman <nhorman@openssl.org>
Mon, 17 Feb 2025 16:27:33 +0000 (11:27 -0500)
commit642fde861688581e0be672fe89735477102a562e
tree327801c8016fa566d174e600039ecaba7aa6a5detree
parentc266322bd1e2842dd92e7e2fc1043d1ade987c57commit | diff
Reduce our NEW_TOKEN send rate.

Currently, we send a NEW_TOKEN frame on every new validated connection,
but thats not necessecary.  Since NEW_TOKEN tokens have a lifetime of 1
hour currently, we really only need to send a NEW_TOKEN if:
1) We validated a RETRY token
or
2) We validated a NEW_TOKEN for which the lifetime is nearing its limit

So lets do that.  When we validate a token, only generate a NEW_TOKEN if
the current token is a RETRY token, or if its a NEW_TOKEN, and there is
less than 10% of the tokens lifetime remaining.

This lets clients use NEW_TOKENS repeatedly (as per the RFC), and saves
us some network bandwith.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26517)
ssl/quic/quic_port.c diff | blob | blame | history
Mirror of https://github.com/openssl/openssl.git